As Google has dug deeper into Symantec's certificate issuance, they've found many bogus certs, triggering an internal audit by Symantec that found literally thousands of "misissued" certificates. Google has announced that as of June 1 2016, it will no longer honor certificates from Symantec unless Symantec becomes a full participant in Certificate Transparency, on the basis that its sloppiness makes its certs intrinsically untrustworthy without the ability of third parties to have complete transparency into Symantec's cert issuance.

They've also demanded a third-party audit of Symantec's procedures and detailed plans for remediating their security flaws.

It’s obviously concerning that a CA would have such a long-running issue and that they would be unable to assess its scope after being alerted to it and conducting an audit. Therefore we are firstly going to require that as of June 1st, 2016, all certificates issued by Symantec itself will be required to support Certificate Transparency. In this case, logging of non-EV certificates would have provided significantly greater insight into the problem and may have allowed the problem to be detected sooner.

After this date, certificates newly issued by Symantec that do not conform to the Chromium Certificate Transparency policy may result in interstitials or other problems when used in Google products.

More immediately, we are requesting of Symantec that they further update their public incident report with:

A post-mortem analysis that details why they did not detect the additional certificates that we found.

Details of each of the failures to uphold the relevant Baseline Requirements and EV Guidelines and what they believe the individual root cause was for each failure.

We are also requesting that Symantec provide us with a detailed set of steps they will take to correct and prevent each of the identified failures, as well as a timeline for when they expect to complete such work. Symantec may consider this latter information to be confidential and so we are not requesting that this be made public.
